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This iistru » Jai s ,s Til i v s and M >i t i <■ n the application- 

_ f < » 5 i - 

o m n<:,' \ :■ v a* ,w cache composes : 

v >' r> *.e:.,b„ , v J : ; > - ) > -rat. v may be in the cache; and 

at least one secondary Cable including caciu en curil 
^ iU)i^ 1 s <. i! o )}\ (i ti jiilou nuiiiL o < i i j t Sa shib 
a cache lookup was made, 

2. {Original) The security policy database cache of claim 1 wherein the at least one 
primary table resides in DRAM. 

v t <. latahase cache of ciai i i 

secondary tabic resides in SDRAM. 

i v >. f i 1 it* via oieprruu'\ 

lh O K it V ! K ! J 

s iCu' enUy A c 
vl \ ne p ok > v e -> oec i e ^ > h Mr < ^ 

6. {On - ^ xhicy datab che of < st one 

primary table is divided into a plurality of buckets and each bucket is subdivided into bins. 
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. < - c v * x 1 c t base c che of elai ere I c has a one 

'' ,ne < ' ^ »« -<> the if east one primary table location and the at least one seeondar) 
table. 

N 0 I < \ u d i I'VMVU.t} PO 1^ J, ,0> tiC <. ! ! C ,U\ tHOO Eift! 

V ! 

a the ga P v. j n j c x for the s primuv ml 1 t < •<iuccd s ,»n iP -eiecior < 

UOU hJ'uoi! ,| in 'til i!!. „J t iT 

9. (Original) The security policy database cache of claim 8 wherein the IF selector can be 
either IPv4 or IPv6 and includes IP destination, IP source, IP protocol, IP source port, IP 
destination port. 

f h ui I 1 H v 1 . , U \ C 

the at least one primary table is searched for a matching signature to a packet, and ifno matching 
signature is found, th at. lea one secondary tabi is not icce ?ed 

It. (Original) The security policy database cache of claim 10 wherein when the at least 

fount the at koe ore see«> olay- ahle is ,icce\-ed 

1 2. (Original) fhe security policy database cache of claim 11 wherein 1.1 the seieeto) 
match is successful flags and SA information are returned to a requesting device. 

! ' iihrossji) lb sceufip, x>L t lobiv. duo d^n 1 whenon 1 v, 1 'o ion. 
primary table is a first one of a plurality 1 primary tables and the at least one secondary table is 
a fust one of a p urabn vf secondary table--, 



i (< h l 1 u ! it lb ISC C t - v C ,i 

ph d,^ of primary tables is searched for a matching signature n a packet, and if no matching 
signature is found, the secondary table tor the one of the plurality of primary tables is not 
accessed. 

^ am.* Is. - ' ^ t bK ^ dn m nr c e Ok. 

' N i ! >riman tables is scare i d for a matching signature to a packet, ami a matching 
signature is found, the secondary table for the one of the plurality of primary tables is read and a 
selector is compared with the selector from the packet. 

! * seem t> policy database cache of claim 14 wherein if the selector 

device, 

17. (Currently Amended.) A method comprises: 

producing y si ymunre of a packet ana at least tit and semnd >n\ e^ > v<\umvnd< m 
instant > 1 ! il \ in 

kl if i i i 1 t ^ i 

i >> , m ' . v toi a match 

determining if $ *eiet oi in at emr> in t ecooaar tabh matt tcs elector of the packet; 
and if a match 

j i <>rd-ny to as oj ei a ton in; tied by the entn 

; ^ o > m ■) ! i he ui od h i 'I I iu i ) ' ^ s mi ' ^ n i -ho ' ! 
v 1 s i. e . t entry t proce s the rmd s rdh he flag 



() 0 1 IK: t J oln^ v. i whc k :nLi dx , tae f w . i o r r« 

a packet and hashing algorithm to produce the signature. 

£0. (Orig ! i , claim 7 wherein I s eket depend 

i lags a elude dr 5ping the jacket if th lieate ( ss,a 

enter a secure network. 

2 ! . (Original) The method of claim 1? wherein the packets are incoming packets. 

22. {Origmak The ir.eSbud of claim 17 wherem the packets ac -urg^r-p. packer 

i i ehj e-t v < v > p< v 

database cache. 

24. (Currently Amended) The method of claim 17 wherein if the signatures are 
evh cived ik' ^ > et u is. ,!v * e jp ^ , 

! 1 l 1 tlx se to locate the proper operati t kt d t< 

locate the correct seeurit} ■ jsociatsons (SAs} fSas-) to apph to the p teket; and 
n^os v ee , m' v.f<>'K\t s \ ^ a eaC.e eno^ into a N E H ^he, 

v f ! >. ^ 1 * U ! pa 5 i a i ^ f k 

! t v. 1 v 1 v. v. ^ ck>J pr<KC-s\l( L s s ! si! I ! lll/t i) 

value, 

2il Oi 1) ! v. S J v v 

all the matching signatures are exhausted or a secondary table match is found. 
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2". {Current!} Amended) A computer pro e: am pmcuc* residing on . e-manues readable 
mod ja i v u p v w t a ,m „ » v k | , s 

produce a signature oi a packet and first and second indexes into corresponding first and 
second primary tables of a security database cache; 

uad litems oU r- v uai mtoou\ ; , s - -. ,k v < v 

1 ,rd !l -d i f ' i " ev ten in \le' tJ o i\b Lux i e a t \ 
rre and for a match, 

5 U t \ I dj <0 iO)UI i in' 1 h m x 

28. (Original) The computer program product of claim 27 where i • > t m t o yp; ^s. 
?u es ~ v v i i f K c s ' 

flags. 

29. (Original) h computer program product of claim 27 w herein the cache uses the fP 
packet selector from a packet and hashing to produce the signature. 

s <. t 1 > < ) i U t - vAer si \ 

y i l k ' 1 I 1 od 1 U ' ! > ! > s s OH . ! 

< ^ y bypass, a : t s set un : v 

(( ) 5 gram product of claim 27 where lu kel 

incoming packets. 

^ N P ! 1 o c-m p ^ ~>i ! 1 o\ ! t • < tv 

! 1 r. >a< w 

< i mputer program pi ct of dah 7 v uei ei idded 

the seeunSo oaoy database cache. 
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34. (Cunx \ ended Hie computer program product of c 2? where fj 
signatures a;e ».\ u m , nv ; > i , } i i i product a < u » ,?7 iunhc: „ i 
instructions to: 

U lit t i , x v ! t v ) s v \ j i\^ f U< n% ^ < 0 (1 , K j > ^ , j( _^ u ^ i 

insert u c cated eorrcc SA as a cache enirv nto a SPD cache 

35. {Original) The computer program product of dam ! ereh > cket process ng 
determines the * gp£yn equals . erp, and if zero, the packet processing sets the Signature to 
another, non-zero value. 

(O gi ml) Th v. ?i i pr. du i icu >aekef pmcv sn i 

repeals until either all the matching signatures are exhausted or a secondary table match is found. 

37. (Original) A network forwarding device comprising: 
o- Vi> o\. |M^n . si,'., a.e 
a framer; 

a network processor; 

^Ct-ti! i i. U 1 T b ] 0) i v. s v t » _ 

packets, the security policy database including: 

' M v. x 1 I „t tt v if <. ft I t j f it <- >PD 

information may be in the cache; and 

at least one sccomkua sab.c mcledinn uaehc cntrSL.- Icoan. i \eb\aa. ibg;. SA 
information an >e$ > l< coitc >^ ' nickel ? bich cache loo <p 

was made; and 

a nviic x aba ic 



! h ' > \ file de c claim J where! he interface is * cess c< ei 

device. 

39. (Original) The device of claim 37 further comprising SDRAM storing the at least one 
secondary table. 

o ri v . I tbtm C hmhoi u»up > \Y m . i h < s << 

primary table, 

». x t > The device of claim 37 further comprising local memory t< jtore the a! 
least one primary table. 

42. (Original) The device of claim 37 further comprising scratchpad memory to store the 
at least oneprimat} table. 



